A pretty annoying malware.
I share this laptop with my siblings. Of course, we do not all have the same consciousness with regard to malware, viruses, etc. To my surprise, after my brother used my laptop, I wasn't able to use Windows XP's command prompt again… or at least the cmd.exe prompt. Whenever I opened a command prompt box, a shutdown window would appear, then my laptop would shut down. It reminds me of an old worm. Running Notepad was OK though. So I checked whether my theory was right.
I fired up Notepad, typed in shutdown -a, then saved the file as test.bat. Sure enough, after double-clicking the .bat file, the shutdown message would appear. But because of the shutdown -a command in the batch file, it would abort the shutdown process.
Checking the Task Manager, I could see a bar311.exe as one of the running processes, an immediate trail of the annoying malware.
Next thing was to check for hidden files. The folder options must be something like this:
But I saw mine as:
When I change the settings, it always reverts back to that setting. Something is really fishy.
I had to do something.
I started by killing the bar311.exe process using the Task Bar.
Then enable the Folder Options settings using Regedit.
Still using Regedit, search for all traces of the string bar311.exe.
"Userinit"="userinit.exe,bar311.exe" --> remove ", bar311.exe"
Looking at the registry key
reveals an interesting find. pc-off.bat. Must be the source of the shutdown command.
Remove "c:\Windows\pc-off.bat" or delete the autorun key.
Must also be where bar311.exe is located. Need to create another batch file.
Opening notepad, type the following:
del /a /f c:\windows\bar311.exe
del /a /f c:\windows\pc-off.bat
Save the file as remover.bat on the desktop, then double-click on its icon to run.
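
To confirm the cleanup worked, the two persistence points described above (the extra entry appended to Userinit and the autorun entry that launches a batch file) can be checked in a Regedit export. The following is an added example, not part of the original post: the sample export is constructed, and the Winlogon and Run key paths and the default userinit.exe location are assumptions based on standard Windows XP defaults, since the post does not show the key paths.

```python
import re

# Constructed sample in Regedit export (.reg) format, modelled on the post.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="userinit.exe,bar311.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"autorun"="c:\\Windows\\pc-off.bat"
'''

# Assumed key locations and defaults (standard on XP; not shown in the post).
WINLOGON = r"microsoft\windows nt\currentversion\winlogon"
RUN_KEY = r"microsoft\windows\currentversion\run"
GOOD_USERINIT = ("userinit.exe", r"c:\windows\system32\userinit.exe")
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".scr", ".pif")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def parse_reg(text):
    """Yield (key, value_name, data) for string values, undoing .reg escapes."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            yield key, name, data


def audit(text):
    """Return findings for Userinit additions and script-based Run entries."""
    findings = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if k.endswith(WINLOGON) and name.lower() == "userinit":
            for item in filter(None, (p.strip() for p in data.split(","))):
                if item.strip('"').lower() not in GOOD_USERINIT:
                    findings.append(("userinit-extra", item))
        elif k.endswith(RUN_KEY) and data.lower().strip('"').endswith(SCRIPT_EXT):
            findings.append(("run-script", f"{name} -> {data}"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_REG):
        print(kind, detail)
```

An empty result for an export taken after the cleanup means neither entry is still registered. Adjust GOOD_USERINIT if Windows is installed somewhere other than c:\windows.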